Tags: sqlinjection
Rating:
Problem Statement (200 points):
There is a website running at http://2018shell2.picoctf.com:28402 (link). Do you think you can log us in? Try to see if you can login!
Tags : Sql injection
Solution:
In this we have to log in as admin.Opening the link leads to a website having photos of people.on side menu there is admin login option.On opening the login page we have to login with username admin but don't know the password so i tried the basic sql injection('or'1'='1) and then i was awarded with flag :
Your flag is: picoCTF{con4n_r3411y_1snt_1r1sh_f58843c5}
